AllowUnsafeUpdates and ValidateFormDigest
By Kit
Add this to the list of things every SharePoint developer should know (up there with disposing SPWebs and SPSites).
In general…
- Don’t update SharePoint objects on a GET request
- Call SPUtility.ValidateFormDigest() before anything on a POST request
Here are the two links to read:
- What you need to know about AllowUnsafeUpdates (Part 1)
- What you need to know about AllowUnsafeUpdates (Part 2)